
Set up VPN for a Cisco FirePower Firewall

By Gabrielle | February 7, 2023 | September 27th, 2024

About Cisco Firepower Firewalls

Cisco Firepower Next Generation Firewalls offer security-conscious business users high performance protection for their network.

These powerful VPN firewalls come with a diverse spec designed to suit a range of use cases, from small businesses and branch offices, all the way up to enterprise and data center level.

In this guide, we take you through the key VPN specification for the Cisco Firepower 1010, and how to connect to Cisco VPN on Mac, iPhone or iPad.

Technical Specification

Series: Cisco Firepower NGFW

Model: 1010

Recommended for: Small to medium sized businesses

Supported VPN Protocols: IPsec, AnyConnect SSL

Max IPsec VPN throughput: 400 Mbit/s

Device Status: Active

Configure VPN on your Cisco Firepower firewall

Every organization has specific requirements for its VPN, which makes it tricky to provide a 'one-size-fits-all' method for the VPN gateway configuration. For this reason, this guide assumes that you or your admin has already successfully configured an IPsec or SSL VPN tunnel on your Cisco Firepower device.

This being said, if you require assistance configuring VPN on your Cisco Firepower firewall in order to get connected in VPN Tracker, reach out to our support team – we're happy to help!

Connect to Cisco Firepower via IPsec IKEv1 VPN on Mac, iPhone, iPad

In order to connect to the new IPsec VPN tunnel and get secure remote access to your Cisco Firepower firewall, you will need a VPN client.

VPN Tracker is the best VPN client for Mac and iOS. Before you connect to your Cisco Firepower VPN on your Mac, iPhone or iPad, you will need the following configuration information for your device:

Configuration checklist

  1. Gateway address
  2. Pre-shared Key
  3. VPN username
  4. VPN user password
  5. Remote Identifier (remember, the remote identifier on your device = the local identifier for the VPN client.)

Tip: If you're not sure about any of these values, reach out to your IT admin for further assistance.

Our tip: Cisco IPsec configuration wizard

Cisco EasyVPN already makes getting connected to Cisco IPsec VPN super straightforward. However, VPN Tracker makes it even easier thanks to the step-by-step configuration wizard for Cisco IKEv1 VPN connections.

Use the configuration wizard to connect to Cisco IPsec VPN on your Mac, iPhone or iPad in just a few simple steps.

Follow the instructions in the wizard and enter your configuration information as prompted - VPN Tracker will do the rest! Once you've finished, save your connection in your account using secure end-to-end encryption to access your Cisco VPN on your Mac, iPhone and iPad in VPN Tracker.

A note on older devices

For newer Cisco Firepower firewalls (running ASA 9.13 or later), VPN Tracker automatically selects Diffie-Hellman Group 14 for the IPsec tunnel encryption, as this is the highest possible group which is supported by Cisco Firepower. In this case, your connection will be ready to go as soon as you've completed the setup wizard!

If you are using an older device (pre ASA 9.13) which does not support DH groups up to Group 14, you will need to enter the group number manually (e.g. Group 2). Please ensure the group number you enter in VPN Tracker exactly matches the group number configured on your Cisco gateway.

To update the DH group, re-open the configuration for your connection:

Then, switch to the Advanced tab and under Phase 1, go to Diffie-Hellman and choose your group number from the dropdown menu:

For older Cisco Firepower devices, please manually select your DH-Group value in the configuration settings
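
One way to confirm the group number before entering it in VPN Tracker, as an added example that is not part of the original guide or of VPN Tracker: the script reads the `crypto ikev1 policy` blocks from an ASA running configuration and reports whether the DH group chosen in the client matches any of them. The sample configuration is constructed, and the function names are hypothetical.

```python
import re

# Constructed ASA-style IKEv1 policies for illustration (not from a real device).
SAMPLE_CONFIG = """\
crypto ikev1 enable outside
crypto ikev1 policy 10
 authentication pre-share
 encryption aes-256
 hash sha
 group 14
 lifetime 86400
crypto ikev1 policy 20
 authentication pre-share
 encryption aes
 hash sha
 group 2
 lifetime 86400
"""

# Modulus sizes of the MODP groups defined in RFC 2409 and RFC 3526.
MODP_BITS = {1: 768, 2: 1024, 5: 1536, 14: 2048}

POLICY_RE = re.compile(r"^crypto ikev1 policy (\d+)\s*$")
GROUP_RE = re.compile(r"^\s+group (\d+)\s*$")


def parse_ikev1_groups(config):
    """Return {policy priority: DH group} for each 'crypto ikev1 policy' block."""
    groups, current = {}, None
    for line in config.splitlines():
        header = POLICY_RE.match(line)
        if header:
            current = int(header.group(1))
        elif not line.startswith(" "):
            current = None  # any other top-level line ends the policy block
        elif current is not None and GROUP_RE.match(line):
            groups[current] = int(GROUP_RE.match(line).group(1))
    return groups


def check_client_group(config, client_group):
    """Compare the DH group chosen in the VPN client with the gateway policies."""
    groups = parse_ikev1_groups(config)
    return {
        "gateway_groups": groups,
        "matching_policies": sorted(p for p, g in groups.items() if g == client_group),
        "group_matches": client_group in groups.values(),
        "modp_bits": MODP_BITS.get(client_group),  # None if not in the table above
    }
```

A matching group is necessary but not sufficient: the other Phase 1 parameters in the matching policy (encryption, hash, authentication) must also agree with the client settings.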

Connect to Cisco AnyConnect SSL VPN on Mac, iPhone, iPad

To connect to your Cisco Firepower using AnyConnect SSL VPN on your Mac, iPhone or iPad, you will need to enter the following configuration information for your device:

Configuration checklist

  1. Gateway address
  2. Authentication certificates (Local Certificate and Certificate Authority). Not sure? Reach out to your IT admin or refer to your VPN portal
  3. VPN username
  4. VPN user password

Connect to your Cisco AnyConnect SSL VPN tunnel

In order to connect to the AnyConnect SSL VPN tunnel and get secure remote access to your Cisco Firepower firewall, you will need a VPN client.

VPN Tracker supports AnyConnect SSL VPN connections on Mac, iPhone and iPad!

Follow these steps to configure a connection:

  1. Create a new Cisco AnyConnect SSL connection in VPN Tracker
  2. Enter the gateway address or hostname of your Cisco Firepower firewall (1)
    Important: The gateway address and domain are case sensitive. Best to copy and paste from your firewall settings.
  3. If applicable, under Authentication, upload your Local Certificate and Certificate Authority (2)
  4. Next, enter your Username (3) and Password (4) to log in to the VPN when you connect
  5. Finally, give your connection a name and securely store it in your account via end-to-end encryption

You can now connect to your Cisco firewall via SSL VPN on Mac, iPhone or iPad.

Share a Cisco VPN connection with your team

Configuring VPN for multiple users? VPN Tracker makes it easier than ever to roll out pre-configured VPN connections to team members using secure, end-to-end encrypted, cloud-based technology.

Select Share with Team to instantly share the new connection with team members using TeamCloud and grant them secure VPN access on Mac, iPhone and iPad. For example, for SSL VPN connections, VPN users won't need to log in to the AnyConnect client and enter the gateway information and their login details every time, as these will be securely stored in their VPN Tracker account using end-to-end encryption.

Tip: You can even choose to hide the connection settings upon export for complete zero-trust privacy.

Use TeamCloud technology to securely roll out Cisco VPN connections to team members

Once a team member has received their connection, all they need to do is use their unique Username and Password from the Cisco gateway to access the VPN in VPN Tracker. For Cisco AnyConnect SSL connections, Single Sign-on (SSO) is also supported to make the connection rollout even smoother.

Set up your Cisco VPN connection today

Start your free, 7-day VPN Tracker trial today and connect to Cisco VPN on Mac, iPhone & iPad.
